From: Pieter Danhieux (opr@bsdaemon.be)
Date: Wed Nov 01 2006 - 12:23:29 EST
Juan,
create a Perl script which generates a dictionary file for you with all
the potential usernames, and another file with the potential passwords.
Load a dictionary attack with Hydra.
Also, check whether the login names are LIMITED to 4 chars or EXACTLY 4
chars. Same remark for passwords. This could save you a lot of login
attempts ...
kind regards,
--
Pieter Danhieux CISSP, GSEC, GCIH, CISA, GCFA

On Tue, 31 Oct 2006, Juan B wrote:
> Hi,
>
> I am conducting a pen test for a client of mine.
> In his web server he is using basic authentication
> (base 64).
> I need to issue a brute force attack against his
> authentication scheme.
> I know that the users and passwords are all numbers.
> For example the user might be something like:
> 5486
> and the password could be:
>
> 546846533
> The users are limited to 4 numbers and the passwords
> to 8 numbers.
>
> How can I tell brutus or hydra to use only numbers in
> the brute force?
>
> Thanks very much!
>
> Juan
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:16 EDT